This exploit allows an attacker to include arbitrary files on a vulnerable phpBB 2.0.4 installation. By manipulating the 'sfile' variable, an attacker can execute malicious code on the server. The vulnerability was discovered in June 2003 by Spoofed Existence.
This module exploits a command execution vulnerability in AROX School-ERP. 'import_stud.php' and 'upload_fille.php' do not have session control. Session start/check functions in Line 8,9,10 are disabled with slashes. Therefore an unathenticated user can execute the command on the system.
This exploit takes advantage of a buffer overflow vulnerability in Aida64 version 6.00.5100. By pasting specific content into the 'Log Sensor Reading to CSV log File' field in the application, an attacker can trigger a SEH buffer overflow.
The Pronestor service PNHM before 8.1.12.0 has insecure permissions for the PronestorHealthMonitor.exe file, allowing local users to gain privileges by executing a Trojan horse PronestorHealthMonitor.exe file. The vulnerability is due to the weak file permissions set during the installation of Pronestors Outlook-Add-In, which creates the PNHM service running as SYSTEM and allows all Authenticated Users to potentially execute arbitrary code as SYSTEM on the local system.
This exploit adds an account to the machine by appending a file using logrotate. It relies on logrotate for help and can be modified to work with cron daemons that are not too strict about the cron file format.
This vulnerability is in the authentication state and is located in the CMS management panel. There are two vulnerabilities: Vuln One and Vuln Two. Vuln One is in the URI POST /ulicms/admin/index.php?action=languages with parameter name. Vuln Two is in the URI POST /ulicms/admin/index.php?action=pages_edit&page=23 with parameter systemname.
This exploit allows an attacker to bypass CVE-2019-0841 by deleting files and subfolders within a specific directory, causing Microsoft Edge to crash and then write the DACL while impersonating the SYSTEM. The bug is not restricted to Edge and can potentially be triggered with other packages as well. The bug can be triggered silently without Edge popping up, by launching Edge once and then minimizing or closing it. The exploit can be executed programmatically, using methods like sendinput.
The vulnerability allows an attacker to execute arbitrary SQL commands on the target system by injecting malicious SQL code into the 'id' parameter of the 'leggi_commenti.asp' page. By exploiting this vulnerability, an attacker can retrieve sensitive information from the database, such as passwords.
This module exploits untrusted serialized data processed by the WAS DMGR Server and Cells. NOTE: There is a required 2 minute timeout between attempts as the neighbor being added must be reset.
When `Grow` is called on a `WebAssembly.Memory` object that's backed by a `SharedArrayBuffer`, it uses the buffer's backing store pointer to construct a new array buffer[1]. Calling `Detach` on shared buffers is prohibited by the spec, so the method just leaves the old one as it is. Thus two array buffers mi